Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/oBtrjUXbuQ2ltXsz-v7Q2iOT3GA.roa
File:                     oBtrjUXbuQ2ltXsz-v7Q2iOT3GA.roa (raw, json)
Hash identifier:          F76Ef2oKurt68EfauOgCyeengLJONX8Fciqh3psaQ5A=
Subject key identifier:   A0:1B:6B:8D:45:DB:B9:0D:A5:B5:7B:33:FA:FE:D0:DA:23:93:DC:60
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       0194228D915F32B1BC251095DD48D015012D
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/oBtrjUXbuQ2ltXsz-v7Q2iOT3GA.roa
Signing time:             Wed 01 Jan 2025 15:48:10 +0000
ROA not before:           Wed 01 Jan 2025 15:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        92.71.18.64/27 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:91:5f:32:b1:bc:25:10:95:dd:48:d0:15:01:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  1 15:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a01b6b8d45dbb90da5b57b33fafed0da2393dc60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ea:89:3d:39:54:87:02:37:41:a1:57:04:99:
                    01:50:28:66:8b:99:31:c2:c7:1a:56:fa:22:5f:f2:
                    77:b4:86:7d:43:b9:99:95:e4:ee:9e:f6:68:d3:55:
                    4d:ef:0f:60:f6:9d:21:55:b9:75:41:f8:18:ca:70:
                    58:b9:49:d4:ab:db:19:3f:9c:7f:de:85:c8:53:42:
                    95:88:75:ef:7f:60:bf:c1:98:50:41:8f:33:09:90:
                    73:e1:c0:47:04:1e:74:f5:85:fa:24:b1:b4:81:cd:
                    9f:e9:11:b2:b1:e0:bf:b0:8b:c5:b9:31:2a:88:b8:
                    44:3e:9d:c2:c9:76:df:ca:52:31:c5:54:d3:1d:b5:
                    8c:7f:f4:ee:85:61:da:61:26:b7:0c:03:50:23:d8:
                    15:c1:a1:6f:04:2b:a8:5a:b5:1c:1d:28:dd:b0:45:
                    fd:b6:05:ea:00:d3:81:09:cb:1b:2c:e9:ea:f5:21:
                    67:19:07:ec:b3:f3:42:76:fb:a8:0e:0b:bb:cb:66:
                    2a:48:06:19:ba:ac:7e:40:e7:2d:d5:95:7b:3b:ae:
                    15:f7:e0:4e:59:79:4d:df:87:8d:2e:81:69:7f:3b:
                    96:07:77:c0:d3:f0:ea:8c:09:53:3f:0f:f7:ed:ba:
                    92:a0:3d:76:12:48:03:5c:c6:13:84:95:3c:15:aa:
                    03:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:1B:6B:8D:45:DB:B9:0D:A5:B5:7B:33:FA:FE:D0:DA:23:93:DC:60
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/oBtrjUXbuQ2ltXsz-v7Q2iOT3GA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.71.18.64/27

    Signature Algorithm: sha256WithRSAEncryption
         11:00:4e:e7:10:0d:73:8f:fc:3f:f5:5f:4c:9e:8e:71:ce:a3:
         9a:dd:5a:62:44:d2:89:92:08:f4:3e:97:82:8b:99:76:0a:26:
         6a:c0:fa:4b:f3:9d:e3:7a:1c:ac:f6:8d:9d:8c:b6:38:49:88:
         98:7c:47:e1:c6:18:09:b1:5e:b7:ba:47:98:ec:84:f2:b4:48:
         03:55:46:d6:4c:d9:4a:28:b7:18:e6:0c:7a:55:e4:d5:42:d7:
         4a:34:91:14:27:5d:1a:06:9d:15:00:05:0e:3b:a6:61:4b:a4:
         84:84:41:f2:96:43:89:18:75:5f:16:5f:aa:df:64:ab:58:70:
         c3:e8:1b:c6:36:2f:3d:54:c3:3d:6f:7b:e2:2f:b1:9f:dd:cc:
         33:34:c7:6e:db:51:bc:03:c9:8a:71:2a:ec:9b:c8:c7:4f:06:
         59:40:91:8c:77:7e:29:a5:de:2c:67:63:cb:c6:f8:29:8b:25:
         35:15:6e:ef:c1:1f:33:9a:a2:a0:0d:a8:25:4e:5d:4b:87:db:
         92:0a:58:90:dd:e9:9c:16:5d:f7:47:51:3c:74:60:50:f9:c2:
         cd:7a:d6:27:5e:d5:6b:2f:97:4c:61:15:c0:b8:b2:87:1b:39:
         47:de:dc:b8:d9:c4:92:05:b6:96:43:86:70:dd:90:27:4f:47:
         f0:f0:aa:1f
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijZFfMrG8JRCV3UjQFQEtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjUwMTAxMTU0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDFiNmI4ZDQ1ZGJiOTBkYTViNTdiMzNmYWZlZDBkYTIzOTNkYzYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqOqJPTlUhwI3QaFXBJkBUChmi5kx
wscaVvoiX/J3tIZ9Q7mZleTunvZo01VN7w9g9p0hVbl1QfgYynBYuUnUq9sZP5x/
3oXIU0KViHXvf2C/wZhQQY8zCZBz4cBHBB509YX6JLG0gc2f6RGyseC/sIvFuTEq
iLhEPp3CyXbfylIxxVTTHbWMf/TuhWHaYSa3DANQI9gVwaFvBCuoWrUcHSjdsEX9
tgXqANOBCcsbLOnq9SFnGQfss/NCdvuoDgu7y2YqSAYZuqx+QOct1ZV7O64V9+BO
WXlN34eNLoFpfzuWB3fA0/DqjAlTPw/37bqSoD12EkgDXMYThJU8FaoDmwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFKAba41F27kNpbV7M/r+0Nojk9xgMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvb0J0cmpVWGJ1UTJsdFhzei12N1EyaU9UM0dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUFXEcSQDAN
BgkqhkiG9w0BAQsFAAOCAQEAEQBO5xANc4/8P/VfTJ6Occ6jmt1aYkTSiZII9D6X
gouZdgomasD6S/Od43ocrPaNnYy2OEmImHxH4cYYCbFet7pHmOyE8rRIA1VG1kzZ
Sii3GOYMelXk1ULXSjSRFCddGgadFQAFDjumYUukhIRB8pZDiRh1XxZfqt9kq1hw
w+gbxjYvPVTDPW974i+xn93MMzTHbttRvAPJinEq7JvIx08GWUCRjHd+KaXeLGdj
y8b4KYslNRVu78EfM5qioA2oJU5dS4fbkgpYkN3pnBZd90dRPHRgUPnCzXrWJ17V
ay+XTGEVwLiyhxs5R97cuNnEkgW2lkOGcN2QJ09H8PCqHw==
-----END CERTIFICATE-----